vendor:
MyCalendar
by:
5.5
CVSS
MEDIUM
Cross-site scripting
79
CWE
Product Name: MyCalendar
Affected Version From: 2.20.3
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Cross-site scripting vulnerabilities in MyCalendar
The MyCalendar application is vulnerable to multiple cross-site scripting vulnerabilities due to inadequate sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, within the context of the affected site. This can lead to the theft of authentication credentials and enable the attacker to launch further attacks.
Mitigation:
To mitigate these vulnerabilities, it is recommended to implement proper input sanitization and validation techniques. All user-supplied input should be properly encoded or filtered to prevent the execution of arbitrary script code.